package com.yjb.gateway.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
public class ResourceSecurityServerConfig {

    @Configuration
    @EnableResourceServer
    public class AuthServerConfig extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            //所有认证请求  不用认证
            http.authorizeRequests()
                    .antMatchers("/auth/**").permitAll()
                    .and().csrf().disable();
        }
    }

    @Configuration
    @EnableResourceServer
    public class ClientServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId("client").stateless(true);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            //向clinet的请求 都要认证
            http.authorizeRequests()
                    .antMatchers("/client/**").access("#oauth2.hasScope('ROLE')")
                    .and().csrf().disable();
        }
    }
}
